Uncle Sam may not be monitoring your online purchases and e-mail messages anytime soon. The Bush administration's proposed plans for an Internet-wide network operations and monitoring center to detect and defend against major cyber attacks have been scaled back.

The White House wanted Internet service providers (ISPs) to help create a system to monitor Internet use. As part of the government's Homeland Defense strategy, President Bush's Critical Infrastructure Protection Board began work last year on the National Strategy to Secure Cyberspace.

Part of the effort was aimed at getting ISPs to work together to share information quickly during cyber attacks and virus outbreaks. Currently, each ISP acts independently and has its own network operations center (NOC) that allows security specialists to constantly monitor network traffic and catch outages, viruses, and attacks before they can wreak havoc.

The administration wanted to formalize such data sharing by creating a cyberspace NOC that would serve as a central clearinghouse for such information. But many, including ISPs, were not convinced the potential security benefits would outweigh the privacy risks. Under current federal wiretap laws, privately operated centers can, in some circumstances, analyze e-mails and other data flowing across parts of the Internet without a judge's approval.

Some Internet-industry executives and lawyers said they would raise serious civil-liberties concerns if the U.S. government, not an industry consortium, were to operate an Internet monitoring center. But Richard Clarke, Bush's former cyberspace advisor, said the government would not eavesdrop on individuals' e-mails and that its plan articulated a strong policy of protecting citizens' cyberspace privacy.

The final draft of the document, released in mid-February, proposes a limited role for the federal government and suggests that industry should take the lead in securing the Internet. It proposes that the government: set up a national cyberspace monitoring system, push more secure Internet security standards, create a reliable system for vulnerability disclosure, and improve cyber-security training.

The Bush administration also was forced to scale back its plan to monitor U.S. citizens' information in an attempt to identify terrorists. Congress recently agreed to suspend funding for the Defense Department's Total Information Awareness (TIA) program, whose purpose is to search for potential terrorists by monitoring information gathered from Americans' bank accounts, medical records, credit card purchases, and academic records. The controversial data-mining program, led by retired admiral John Poindexter, who was convicted of lying to Congress in the Iran-Contra scandal, has been called an expansive surveillance program by some.

Sen. Ron Wyden (D-Ore.) and Sen. Chuck Grassley (R-Iowa) cosponsored an amendment to the budget bill that suspended funding for the TIA program until the Bush administration

* explained it to Congress in detail, including its impact on civil liberties

* barred any use of the technology against U.S. citizens without prior congressional approval

One hundred senators voted in favor of the provision to set limits on the administration's ability to snoop into the private lives of Americans. But before it can become law, Congress must reach an agreement on the overall spending bill in which it was included. Even then, President Bush can veto the entire bill.

COPYRIGHT 2003 Association of Records Managers & Administrators (ARMA)
No portion of this article can be reproduced without the express written permission from the copyright holder.